Light on old MacBook webcams can be bypassed

The MacBook's LED indicator is off, but its webcam is very much turned on

Matthew Brocker and Stephen Checkoway

A common pastime among the residents of the internet's seedy
underbelly is spying on people through their webcams, then using the
pictures to harass and blackmail the victims. This kind of hacking
went mainstream when Miss Teen USA Cassidy Wolf was named as a victim of a
blackmail attempt.

In addition to standard computer security advice given to combat
this behavior -- keep your computer patched, don't install malware,
and so on -- it's commonly suggested that you only use webcams
where the activity LED is hardwired to light up whenever the camera
is active. Among others, Apple's line of laptops has been
identified as having such hardwired LEDs. However, researchers at
Johns Hopkins University have published a paper, first reported on by the Washington Post, demonstrating that even this isn't good
enough. Some hardwired LEDs turn out to be, well, software
controlled after all.

As with just about every other piece of modern hardware, the
webcams in the computers that the researchers looked at -- an iMac
G5 and 2008-vintage MacBooks, MacBook Pros, and Intel iMacs -- are
smart devices with their own integrated processors, running their
own software. The webcams have three main components: the actual
digital imaging sensor, a USB interface chip with an
integrated Intel 8051-compatible microcontroller and some RAM, and
a little bit of EEPROM memory.

One line joins the USB chip to an input on the imaging sensor
called standby. When the line is held high by the interface chip,
the sensor is put into standby mode and stops producing data. When
it's held low, the sensor is taken out of standby mode and starts
producing data. The same line is also wired to the negative side of
an LED. Accordingly, when the line is high (and the imaging chip
off), the LED is off. When the line is low, the LED is turned
on.

In principle, then, this should serve as a hardware interlock.
The LED is clearly hardwired, and its state should directly reflect
whether the imaging chip is in standby or not. Unfortunately, the
whole system is controlled by a layer of software.

When the driver for the webcam is loaded, the host PC uploads a
small program to the USB controller (it has no permanent firmware
storage of its own, so it has to be uploaded each time the camera
driver is loaded). This small program in turn configures the
imaging chip. The imaging chip doesn't have too many configurable
properties, but one thing that is configurable is whether it pays
any attention to the standby input.

Apple's own drivers set a configuration where standby is
respected. But other configurations are possible -- such as one
where the chip ignores standby entirely and always produces image
data.

With this knowledge in hand, the researchers wrote a new piece
of software to upload to the webcam. This piece of software was
much like the normal webcam software but with two differences:
first, it told the imaging sensor to ignore the standby input.
Second, it ensured that the standby line was always held high to
prevent the LED from illuminating.

The result: a webcam with a hardwired indicator LED that
nonetheless allowed image capture without lighting the indicator
LED.
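The interlock described above can be checked as a small state model. The following is an added example, not code from the researchers' paper; it enumerates every combination of standby-line level and sensor setting and reports the states in which the sensor streams while the LED is dark. The names `State`, `violations` and the non-configurable sensor variant are assumptions made for illustration.

```python
from itertools import product
from typing import List, NamedTuple


class State(NamedTuple):
    standby_high: bool      # level the USB controller drives on the standby line
    respects_standby: bool  # sensor setting chosen by the uploaded program


def led_on(s: State) -> bool:
    # The LED's negative side is tied to the standby line,
    # so it lights only while the line is held low.
    return not s.standby_high


def sensor_streaming(s: State) -> bool:
    # The sensor produces data when it is out of standby,
    # or whenever it is configured to ignore the standby input.
    return (not s.standby_high) or (not s.respects_standby)


def violations(configurable: bool) -> List[State]:
    """Return every state where the sensor streams and the LED is off.

    configurable=True  models the design in the article: the uploaded
                       program may pick either sensor setting.
    configurable=False models a hypothetical sensor (an assumption, not
                       a tested part) that always honours standby.
    """
    settings = (True, False) if configurable else (True,)
    states = (State(line, cfg)
              for line, cfg in product((True, False), settings))
    return [s for s in states if sensor_streaming(s) and not led_on(s)]


if __name__ == "__main__":
    for configurable in (True, False):
        bad = violations(configurable)
        label = "configurable sensor" if configurable else "fixed sensor"
        print(f"{label}: {len(bad)} state(s) break 'streaming implies LED on'")
        for s in bad:
            print("   ", s)
```

The invariant "streaming implies LED on" holds only when no software-reachable setting can decouple the sensor from the line that drives the LED.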

Not all cameras promise to have hardwired indicator lights in
the first place. Many Logitech cameras, for example, have a
software-controlled LED. Software is available for these cameras
that lets them be used as motion-activated security cameras --
always on, recording anything "interesting" that they see -- and
for this niche scenario, being able to disable the indicator makes
some sense.

Whether this design makes sense for most users, given the
apparent abundance of surreptitious webcam-based spying, is less
clear.

The researchers did not test modern Apple computers or other,
non-Apple webcams. Secure designs for the indicator LED are
possible, and different imaging sensor/USB controller pairings
might prove to be more robust. Nonetheless, one thing is clear: if
your hardware interlock is software mediated, it's not a hardware
interlock any more. When it comes to protecting against webcam
spying, you should ignore the technology and simply tape over the
camera.